package org.adorsys.encobject.service.api;

import com.nimbusds.jose.jwk.ECKey;
import com.nimbusds.jose.jwk.JWK;
import com.nimbusds.jose.jwk.JWKMatcher;
import com.nimbusds.jose.jwk.JWKSelector;
import com.nimbusds.jose.jwk.JWKSet;
import com.nimbusds.jose.jwk.KeyUse;
import com.nimbusds.jose.jwk.PasswordLookup;
import com.nimbusds.jose.jwk.RSAKey;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.security.interfaces.ECPublicKey;
import java.security.interfaces.RSAPublicKey;
import java.util.Enumeration;
import java.util.LinkedList;
import java.util.List;
import javax.crypto.SecretKey;
import org.adorsys.cryptoutils.exceptions.BaseExceptionHandler;
import org.adorsys.encobject.complextypes.BucketPath;
import org.adorsys.encobject.domain.KeyStoreAccess;
import org.adorsys.encobject.exceptions.AsymmetricEncryptionException;
import org.adorsys.encobject.exceptions.SymmetricEncryptionException;
import org.adorsys.encobject.service.impl.KeyStoreBasedPrivateKeySourceImpl;
import org.adorsys.encobject.service.impl.KeyStoreBasedPublicKeySourceImpl;
import org.adorsys.encobject.service.impl.KeyStoreBasedSecretKeySourceImpl;
import org.adorsys.encobject.types.KeyID;
import org.adorsys.encobject.types.PublicKeyJWK;
import org.adorsys.encobject.types.SecretKeyIDWithKey;
import org.adorsys.jjwk.keystore.JwkExport;
import org.adorsys.jjwk.serverkey.KeyAndJwk;
import org.adorsys.jjwk.serverkey.ServerKeyMap;
import org.adorsys.jkeygen.utils.V3CertificateUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/adorsys/encobject/service/api/KeyStore2KeySourceHelper.class */
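/**
 * Static helpers that load a keystore through {@link KeystorePersistence} and wrap it in the
 * {@link KeySource} implementations used for public-key, private-key and secret-key access.
 *
 * <p>Debug logging in this class prints only the keystore path taken from the
 * {@link KeyStoreAccess}; no store handler or key password is passed to the logger.
 */
public class KeyStore2KeySourceHelper {
    private static final Logger LOGGER = LoggerFactory.getLogger(KeyStore2KeySourceHelper.class);

    /** Immutable pair of a {@link KeySource} and the {@link KeyID} selected from it. */
    public static class KeySourceAndKeyID {
        private final KeySource keySource;
        private final KeyID keyID;

        /**
         * @param keySource the key source to expose
         * @param keyID     the id of the key chosen from that source
         */
        public KeySourceAndKeyID(KeySource keySource, KeyID keyID) {
            this.keySource = keySource;
            this.keyID = keyID;
        }

        /** @return the key source given at construction */
        public KeySource getKeySource() {
            return this.keySource;
        }

        /** @return the key id given at construction */
        public KeyID getKeyID() {
            return this.keyID;
        }
    }

    /**
     * Loads the keystore named by {@code keyStoreAccess}, exports the public keys of its
     * certificates and picks one encryption key via {@code JwkExport.randomKey}.
     *
     * @param keystorePersistence persistence used to load the keystore
     * @param keyStoreAccess      keystore path and read credentials
     * @return a public-key source over all exported keys plus the id of the chosen encryption key
     * @throws AsymmetricEncryptionException if the keystore yields no key with use
     *         {@code ENCRYPTION} (an empty public-key export is reported by {@code load})
     */
    public static KeySourceAndKeyID getForPublicKey(KeystorePersistence keystorePersistence, KeyStoreAccess keyStoreAccess) {
        LOGGER.debug("getForPublicKey {}", keyStoreAccess.getKeyStorePath());
        JWKSet publicKeys = load(loadKeyStore(keystorePersistence, keyStoreAccess), null, keyStoreAccess.getKeyStorePath());
        // Fail with a descriptive error before building the source when no encryption key exists.
        JWK encKey = randomEncKey(publicKeys, keyStoreAccess.getKeyStorePath());
        return new KeySourceAndKeyID(new KeyStoreBasedPublicKeySourceImpl(publicKeys), new KeyID(encKey.getKeyID()));
    }

    /**
     * Loads the keystore named by {@code keyStoreAccess} and returns one of its public
     * encryption keys, chosen via {@code JwkExport.randomKey}, wrapped as {@link PublicKeyJWK}.
     *
     * @param keystorePersistence persistence used to load the keystore
     * @param keyStoreAccess      keystore path and read credentials
     * @return the chosen public encryption key
     * @throws AsymmetricEncryptionException if the keystore yields no key with use
     *         {@code ENCRYPTION} (an empty public-key export is reported by {@code load})
     */
    public static PublicKeyJWK getPublicKeyJWK(KeystorePersistence keystorePersistence, KeyStoreAccess keyStoreAccess) {
        LOGGER.debug("getPublicKeyJWK {}", keyStoreAccess.getKeyStorePath());
        JWKSet publicKeys = load(loadKeyStore(keystorePersistence, keyStoreAccess), null, keyStoreAccess.getKeyStorePath());
        return new PublicKeyJWK(randomEncKey(publicKeys, keyStoreAccess.getKeyStorePath()));
    }

    /**
     * Builds a private-key source from the keystore named by {@code keyStoreAccess}.
     *
     * <p>The returned object is constructed from the loaded keystore and the read-key password
     * taken from {@code keyStoreAccess}, so it should be handled as secret-bearing.
     *
     * @param keystorePersistence persistence used to load the keystore
     * @param keyStoreAccess      keystore path and read credentials
     * @return a key source for the private keys of that keystore
     */
    public static KeySource getForPrivateKey(KeystorePersistence keystorePersistence, KeyStoreAccess keyStoreAccess) {
        LOGGER.debug("get keysource for private key of {}", keyStoreAccess.getKeyStorePath());
        return new KeyStoreBasedPrivateKeySourceImpl(
                loadKeyStore(keystorePersistence, keyStoreAccess),
                keyStoreAccess.getKeyStoreAuth().getReadKeyPassword());
    }

    /**
     * Builds a secret-key source from the keystore named by {@code keyStoreAccess} and selects
     * one secret key id from it.
     *
     * @param keystorePersistence persistence used to load the keystore
     * @param keyStoreAccess      keystore path and read credentials
     * @return the secret-key source plus the id of the selected secret key
     * @throws SymmetricEncryptionException if the keystore exports no keys or no secret keys
     */
    public static KeySourceAndKeyID getForSecretKey(KeystorePersistence keystorePersistence, KeyStoreAccess keyStoreAccess) {
        LOGGER.debug("get keysource for secret key of {}", keyStoreAccess.getKeyStorePath());
        KeyStore keyStore = loadKeyStore(keystorePersistence, keyStoreAccess);
        return new KeySourceAndKeyID(
                new KeyStoreBasedSecretKeySourceImpl(keyStore, keyStoreAccess.getKeyStoreAuth().getReadKeyHandler()),
                getRandomSecretKeyIDWithKey(keyStoreAccess, keyStore).getKeyID());
    }

    /**
     * Exports the keys of {@code keyStore} with the read-key handler from {@code keyStoreAccess}
     * and returns one secret key, chosen by {@code ServerKeyMap.randomSecretKey()}, with its id.
     *
     * <p>The result carries the raw {@link SecretKey}; callers should not log or persist it.
     *
     * @param keyStoreAccess keystore path and read credentials
     * @param keyStore       an already loaded keystore
     * @return the selected secret key and its id
     * @throws SymmetricEncryptionException if the export is empty or contains no secret key
     */
    public static SecretKeyIDWithKey getRandomSecretKeyIDWithKey(KeyStoreAccess keyStoreAccess, KeyStore keyStore) {
        JWKSet exportedKeys = JwkExport.exportKeys(keyStore, keyStoreAccess.getKeyStoreAuth().getReadKeyHandler());
        if (exportedKeys.getKeys().isEmpty()) {
            throw new SymmetricEncryptionException("did not find any keys in keystore with id: " + keyStoreAccess.getKeyStorePath());
        }
        try {
            KeyAndJwk chosen = new ServerKeyMap(exportedKeys).randomSecretKey();
            // The KeyID is built from the value of another KeyID, as in the original; KeyID's
            // constructor is not visible here, so the double wrapping is kept unchanged.
            return new SecretKeyIDWithKey(new KeyID(new KeyID(chosen.jwk.getKeyID()).getValue()), (SecretKey) chosen.key);
        } catch (IndexOutOfBoundsException e) {
            // Treated as "keys exist but none is a secret key".
            throw new SymmetricEncryptionException("did not find any secret keys in keystore with id: " + keyStoreAccess.getKeyStorePath());
        }
    }

    /** Loads the keystore at the path in {@code keyStoreAccess} using its read-store handler. */
    private static KeyStore loadKeyStore(KeystorePersistence keystorePersistence, KeyStoreAccess keyStoreAccess) {
        return keystorePersistence.loadKeystore(
                keyStoreAccess.getKeyStorePath().getObjectHandle(),
                keyStoreAccess.getKeyStoreAuth().getReadStoreHandler());
    }

    /** Returns the keys of {@code jWKSet} whose key use is {@code ENCRYPTION}. */
    private static List<JWK> selectEncKeys(JWKSet jWKSet) {
        return new JWKSelector(new JWKMatcher.Builder().keyUse(KeyUse.ENCRYPTION).build()).select(jWKSet);
    }

    /**
     * Picks one encryption key from {@code jwkSet} and fails with a descriptive error when the
     * set holds public keys but none of them is marked for encryption.
     *
     * @throws AsymmetricEncryptionException if no encryption key can be selected
     */
    private static JWK randomEncKey(JWKSet jwkSet, BucketPath bucketPath) {
        List<JWK> encKeys = selectEncKeys(jwkSet);
        if (encKeys.isEmpty()) {
            throw new AsymmetricEncryptionException("did not find any encryption keys in keystore " + bucketPath);
        }
        JWK chosen = JwkExport.randomKey(encKeys);
        // randomKey's contract is not visible here; guard against a null result rather than
        // letting it surface later as a NullPointerException or a wrapper around null.
        if (chosen == null) {
            throw new AsymmetricEncryptionException("did not find any encryption keys in keystore " + bucketPath);
        }
        return chosen;
    }

    /**
     * Converts every RSA or EC certificate entry of {@code keyStore} into a public JWK whose key
     * id is the keystore alias. Aliases without a certificate, and certificates with any other
     * public-key type, are skipped.
     *
     * @param keyStore       the loaded keystore to read certificates from
     * @param passwordLookup unused: only certificates are read, so no key password is needed and
     *                       none is fetched; every caller in this class passes {@code null}
     * @param bucketPath     keystore path, used only in the error message
     * @return the public keys found, never empty
     * @throws RuntimeException whatever {@code BaseExceptionHandler.handle} produces for any
     *         failure, including the "no public keys" case raised inside the try block
     */
    private static JWKSet load(KeyStore keyStore, PasswordLookup passwordLookup, BucketPath bucketPath) {
        try {
            List<JWK> publicKeys = new LinkedList<>();
            Enumeration<String> aliases = keyStore.aliases();
            while (aliases.hasMoreElements()) {
                String alias = aliases.nextElement();
                Certificate certificate = keyStore.getCertificate(alias);
                if (certificate == null) {
                    continue;
                }
                // keyStore(...) attaches the keystore reference to the built JWK.
                // NOTE(review): the same keystore is also used for private-key access in this
                // class - confirm consumers of these JWKs only rely on the public parameters.
                if (certificate.getPublicKey() instanceof RSAPublicKey) {
                    X509Certificate x509 = (X509Certificate) V3CertificateUtils.convert(new Certificate[] {certificate}).get(0);
                    publicKeys.add(new RSAKey.Builder(RSAKey.parse(x509)).keyID(alias).keyStore(keyStore).build());
                } else if (certificate.getPublicKey() instanceof ECPublicKey) {
                    X509Certificate x509 = (X509Certificate) V3CertificateUtils.convert(new Certificate[] {certificate}).get(0);
                    publicKeys.add(new ECKey.Builder(ECKey.parse(x509)).keyID(alias).keyStore(keyStore).build());
                }
            }
            JWKSet jwkSet = new JWKSet(publicKeys);
            if (jwkSet.getKeys().isEmpty()) {
                throw new AsymmetricEncryptionException("did not find any public keys in keystore " + bucketPath);
            }
            return jwkSet;
        } catch (Exception e) {
            throw BaseExceptionHandler.handle(e);
        }
    }
}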
